Oxford University hit hard by Mac Flashback infections

Biggest outbreak since since Windows Blaster worm

In a small window into the chaos wrought by the Mac Flashback Trojan, the University of Oxford Computing Services team has described it as the worst malware outbreak it has had to contend with since the Windows Blaster worm of 2003.

According to an OxCERT blog from last week, the University suffered several hundred incidents among the students and faculty in recent weeks “and they keep on coming,” an infection level that could challenge the 1,000 incidents caused by Blaster nine years ago.

Hitherto, the department had dealt with Mac malware only occasionally, usually caused by users trying out pirated software or compromised SSH credentials, said OxCERT’s Robin Stevens.

“But with Flashback, the game has changed forever. We are seeing huge numbers of attacks of the sort that Windows users have had to contend with for years,” said Stevens. “Apple users, and indeed Apple themselves, just have not been ready.”

Related:

A serious Apple malware outbreak has been predicted for some years with Java vulnerabilities (Java being cross-platform) always being the likely vehicle for the first major example.

Universities, meanwhile, are an obvious hotspot for computer use - every single student will own at least one - but amidst the famous 'dreaming spires' of Oxford the Mac has acquired a particularly strong following. Flashback was always going to spell trouble for the institution's IT services staff.

“As well as Apple’s apparently slow response to a recent vulnerability, and general air of secrecy, one of the problems that the attacks have highlighted is Apple’s product support lifecycles, which are much shorter than in the Windows world,” he said.

Security companies disagree on the precise number of Apple users hit by Flashback but a maximum number over 800,000 looks possible on the basis of analysis by the Russian company that first sounded the alarm over infections levels, Dr. Web.

We have been hearing for years how CIOs and senior IT professionals need to bury the hatchet with line of business managers and, instead of focusing on the latest bleeding-edge technology for its own sake, seek to better understand the overall strategic objectives of their organisations.